412-79v9 무료 덤프문제 온라인 액세스

Which of the following has an offset field that specifies the length of the header and data?

• A.ICMP Header
• B.IP Header
• C.UDP Header
• D.TCP Header

Application security assessment is one of the activity that a pen tester performs in the attack phase. It is designed to identify and assess threats to the organization through bespoke, proprietary applications or systems. It checks the application so that a malicious user cannot access, modify, or destroy data or services within the system.

Identify the type of application security assessment which analyzes the application-based code to confirm that it does not contain any sensitive information that an attacker might use to exploit an application.

• A.Source Code Review
• B.Functionality Testing
• C.Web Penetration Testing
• D.Authorization Testing

Nessus can test a server or a network for DoS vulnerabilities. Which one of the following script tries to kill a service?

• A.ACT_FLOOD
• B.ACT_ATTACK
• C.ACT_DENIAL
• D.ACT_KILL_HOST

John, the penetration tester in a pen test firm, was asked to find whether NTP services are opened on the target network (10.0.0.7) using Nmap tool.

Which one of the following Nmap commands will he use to find it?

• A.nmap -sU -p 123 10.0.0.7
• B.nmap -sU -p 389 10.0.0.7
• C.nmap -sU -p 135 10.0.0.7
• D.nmap -sU -p 161 10.0.0.7

You are conducting a penetration test against a company and you would like to know a personal email address of John, a crucial employee. What is the fastest, cheapest way to find out John's email address.

• A.Call his wife and ask for his personal email account
• B.Send an email to John stating that you cannot send him an important spreadsheet attachment file to his business email account and ask him if he has any other email accounts
• C.Call a receptionist and ask for John Stevens' personal email account
• D.Search in Google for his personal email ID